Ransomware is malicious software that infects computer servers, desktops, laptops, tablets, and smartphones, penetrating various ways and spreading across a company from one device to the next. After infecting a system, the virus silently encrypts every data file it discovers, then displays a ransom message to the user. The extortion letter begins by requesting an online payment of hundreds to thousands of dollars (usually in an untraceable cryptocurrency such as Bitcoin) in exchange for the decryption keys needed to recover the user’s locked data.
For various reasons, ransomware gangsters find transportation and logistics to be appealing targets. One, the consequences of a successful ransomware assault are felt well beyond the company’s walls, impacting the supply chains of hundreds or thousands of other firms and increasing the pressure to pay the ransom to restore service. Two, the business’s highly networked nature (which crosses with smaller forwarders, suppliers, producers, and retailers at various points) creates several sources of malware infiltration: locate a weak link, and ransomware can propagate swiftly along the chain of systems. Three, in the absence of a crippling attack, relatively modest profits have made it difficult to justify expenditures on cybersecurity equipment. Many industry players have had to reassess their priorities in the wake of a recent spate of severe ransomware attacks on transportation and logistics organizations.
Ransomware costs a lot of money, and it’s getting more expensive
Ransomware attacks have influenced and cost far beyond the transportation and logistics business. Nuance, for example, recently stated that a ransomware assault company endured in the fall of 2017 cost them $68 million in refunds to consumers and another $24 million in cleanup expenditures.
These are just a few of the more high-profile incidents from recent months. According to several studies, ransomware has been said to have harmed 55 percent of firms. The amount of ransom that criminals can obtain from victims alone indicates an alarming trend: total ransoms increased from $325 million in 2015 to $5 billion in 2017 and are expected to reach $11.5 billion by 2019. However, as examples like Maersk and Nuance demonstrate, the actual cost of ransomware attacks is significantly greater, including expenditures of business interruption, attack recovery and forensics, brand equity loss, lost customers, and compliance violation fines. The global expenses of the WannaCry outbreak, for example, are projected to be in the billions of dollars.
The transition of this category of malware from a one-time cottage industry to a modern, criminal version of the software-as-a-service business is mainly responsible for its rapid expansion. Ransomware gangs adopted the strategy of software companies such as Salesforce.com, which develops and improves their product continuously and relies on a network of distributors to get them onto as many devices as possible. Ransomware is distributed by lower-level, unskilled criminals that employ several ways to assault victims, such as phishing emails with infected web links or files and bogus websites that silently download malware to visitors. Another prevalent strategy utilized in both the WannaCry and NotPetya ransomware outbreaks is exploiting operating system vulnerabilities that are not widely known (so-called zero-day exploits) and thus likely to go unpatched.
Criminal software engineers are constantly developing new ransomware variants to exploit various vulnerabilities in operating systems, applications, and user behavior, staying one step ahead of business IT and security staffers and the tech vendors they rely on for defensive measures under this so-called ransomware-as-a-service model. These ransomware gangs have established sophisticated distribution, monitoring, notification, and payment infrastructures that they freely share with their “distributors.” To get into the ransomware distribution business, would-be thieves only need to download a few easy-to-use software tools and start spreading the infection. The revenues from ransom victims are divided between the developers and distributors.
How transportation & logistics providers can combat ransomware
Transportation and logistics providers can take some fundamental steps to protect their systems from the operational disruptions and high costs of successful ransomware attacks in the face of this rapidly expanding danger. The first step is to educate staff about the strategies used by ransomware distributors, teaching them to be cautious of email links, websites visited, and attachments opened.
Good network and security hygiene procedures, such as segmenting networks to prevent ransomware from spreading from system to system, keeping endpoint anti-malware software up to date, and patching new vulnerabilities in operating systems and apps as rapidly as possible, remain critical.
Finally, given the high success rate of ransomware attacks, it’s vital to have a strict backup strategy and preserve several copies of critical business and patient data on-site, off-site, and in the cloud. The most foolproof security against ransomware is a routine, frequent backup. If your systems are infected, you can identify the commencement of the attack and restore your systems from clean backups produced before the intrusion.
Paying the ransom is a poor defense, according to law enforcement and security experts: more than half of ransomware victims who pay do not recover their files, either because the extortionists fail to deliver the promised keys or because the encryption/decryption algorithms are implemented so poorly that the keys do not work.
Transportation and logistics companies will need to implement the basic measures outlined above and consider deploying cutting-edge ransomware defense technologies like proactive remote monitoring, remote backup and recovery plan, phishing security, etc.
In the future years, threat actors will continue to target organizations in the transportation sector. Businesses in this industry must remain attentive and take the threat of ransomware seriously. TMS-Digital by Protected Harbor, for example, is a cybersecurity solutions supplier. We have over a decade of experience assuring safety and security, and we thrive on customer pleasure. Contact TMS-Digital today to learn more about our top-rated anti-phishing solution!